Haha. that is always the question. I suggest copying the nginx.key aside and copying the slapd.key over the top of the current nginx.key as a test...

Code:

su - zimbra
cd conf

cp nginx.key old-nginx.key
cp nginx.crt old-nginx.crt

cp slapd.key nginx.key
cp slapd.crt nginx.crt

zmproxyctl restart

Then, your imap proxy should be using the same certificate and key as your ldap server, which doesn't appear to ask for a password. I will warn you though, I am just piddling around with a local vmware instance on my laptop, not a production server :)